turbotax, a perennial pc magazine editors' choice winner, has two major new features this year: product activation and digital rights management (drm). intuit has implemented both of these through macrovision's safecast system.

according to steve bennett, president and chief executive of intuit, the switch to product activation has been very beneficial so far. in a report to analysts he stated: "last year, we got paid for only about a third of the approximately 15 million federal returns prepared and filed on turbotax desktop products. with this year's turbotax license, taxpayers can still prepare and file multiple returns from one pc. so while we don't expect to get paid for all of those additional 10 million returns, we believe many resulted from pass-along copies and will result in additional turbotax sales."

that's great; i want everybody who uses turbotax to pay for it. software piracy is a nonstarter in my book. but i also want everyone who uses turbotax to get full utility and flexibility out of the product, and that's where intuit's implementation of safecast falls down.

the message boards at extremetech started to heat up in early january, as habitual turbotax users found those jarring new features and began to experience problems. the flow of messages became a torrent, as users blamed turbotax for everything from cd-copying problems to fallen arches. it was time to do some serious analysis and get at the truth.

extremetech's security columnist and contributing editor brett glass flew to new york from the wide-open spaces of his home in wyoming and went to work at pc magazine labs with a store-bought copy of turbotax. he used a variety of pc magazine utilities, commercial products, and hacker tools to determine exactly what turbotax doesand doesn't doto systems. extremetech published his findings in two parts, in the midst of a very fluid situation in which intuit was attempting to respond to user complaints (and ours). you can find brett's detailed report, links, a recap, and recommendations from extremetech editor-in-chief jim louderback at www.extremetech.com/turbotax.

the bottom line is that safecast doesn't prevent you from copying the turbotax disc. in fact, intuit wishes you would, so when you pass the program along, your friend has to pay to activate and use it. turbotax performs many of its usual functions without activation, so if you're a newcomer to the product, you can make an informed decision as to whether it's right for you. that's the good news.

the bad news is that you can't make a backup of the program or run it on another system. so if you upgrade to a new machine or just get a new hard drive, you're out of luck. you can call intuit for a new activation code, but users report that many such calls have been greeted with suspicion and hostility. intuit appears to have done a poor initial job of training its service staff, perhaps oversimplifying the issues.

on the other hand, some users are determined to make their own misery, trying to do their taxes on machines that they modify and hack. to intuit's credit, it has adapted the implementation of safecast by adding an uninstall utility and has announced that you will be able to download an unlocked version of turbotax six months after the filing deadline, so that you'll have unrestricted backup and re-creation of your return in the future.

safecast, however, does a number of bad things to your system and leaves pieces of itself all over the place. even the uninstall doesn't remove it completely, although brett's report tells you what to look for and how to get rid of it. one of the things i like least is that the program writes to an undocumented sector on the boot track, which may interfere with other security systems, differently formatted hard drives, or multi-os boot programs.

sadly, for all its chicanery, safecast doesn't appear to be particularly robust as drm schemes go. once you understand how safecast works, it's not especially difficult to defeat. as brett observes, security by obscurity is no security at all.

Related

despite everything, intuit's bennett characterizes the complainers as a sort of live-free-or-die lunatic fringe. instead of being disparaging, every company that flirts with drm must fully consider the complex ways in which we use our pcs, as well as the potential landmines in customer relations.

Read More

About the Author

Bill Machrone is vice president of technology at Ziff Davis Publishing and editorial director of the Interactive Media and Development Group. He joined Ziff Davis in May 1983 as technical editor of PC Magazine, became editor-in-chief in September of that year, and held that position for the next eight years, while adding the titles of publisher and... See Full Bio

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.